Hello,
it turns out that something was wrong with my test environment because I
was receiving random errors when launching the instance and everything
has been working great after moving to a new, clean virtual machine.
Also, your response pointed me to look at the config file and I realized
there was no default admin certificate path defined so I added the
following line:
pki_client_admin_cert = /tmp/ca_admin.cert
However, regardless of the path I define there it always gets saved to
the default /root/.dogtag/intca/ca_admin.cert so I'm not sure I'm
using the option properly. It's not a big deal, but I think it's worth
mentioning anyway.
Other than that everything has been working great so far so thanks again
for pointing me in the right direction.
Regards!
On 07/01/2016 04:47 AM, Endi Sukma Dewata wrote:
On 6/29/2016 5:10 AM, Carlos Barrabes wrote:
> Hello,
>
> I'm trying to create an intermediate CA so I can issue certificates with
> a trust path pointing to our RootCA but I'm facing some issues while
> following the documentation in the project's site.
>
> Once I'm done with step two, you import the external and ca-signing
> certificates into a user's NSS db and then the wiki says you have to
> import the CA admin certificate and key but the problem is there is no
> such thing after starting the instance via custom config file or I
> simply cannot find them.
>
> Any suggestions?
>
> Thanks for your time!
>
> I am running Dogtag 10.2.6-12 on a Fedora 22 server machine and the
> procedure I'm following is this one:
>
> http://pki.fedoraproject.org/wiki/Installing_CA_with_Externaly-Signed_CA_...
>
Hi,
At the end of the PKI server installation the admin certificate and
key will be stored in a PKCS #12 file and the location should be
displayed in the final installation message. Usually it is stored in
this location:
/root/.dogtag/pki-tomcat/ca_admin_cert.p12
But that could change depending on your deployment configuration that
you supplied to pkispawn.
After the PKI server installation you can set up the PKI client to
manage CA services. First initialize the client:
$ pki -c Secret123 client-init
Then import the root CA certificate:
$ pki -c Secret123 client-cert-import "Root CA Certificate" --ca-cert root-ca.crt
Then import the PKI CA certificate:
$ pki -c Secret123 client-cert-import "PKI CA Certificate" --ca-cert ca_signing.crt
Then import the CA admin certificate & key:
$ pki -c Secret123 client-cert-import caadmin \
    --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
Then you should be able to access CA services as the admin, for example:
$ pki -c Secret123 -n caadmin ca-user-find
Just let me know if you have any questions.